TITLE OF THE INVENTION

A Method And System For Distribution Policy Enforcement On Fax 



CROSS-REFERENCE TO RELATED APPLICATIONS 
This application is related to and claims priority from U.S. 
Provisional Patent Application No. 60/450,336, filed February 28, 2003, 
the contents of which are hereby incorporated herein by reference in 
their entirety. 



FIELD OF THE INVENTION 

The present invention relates generally to the field of securing
information. More specifically, the present invention deals with methods
for protecting against confidential information leakage via fax messages.



BACKGROUND OF THE INVENTION 



The information and knowledge created and accumulated by
organizations and businesses are most valuable assets. As such,
managing and keeping the information and the knowledge inside the
organization is of paramount importance for almost any organization,
government entity or business, and provides a significant leverage of its
value.

One source of information leakage is fax machines and fax
servers, which are widely used in businesses and organizations. The
usage of faxes causes, in some cases, unintentional information leakage,
when faxes are sent to the wrong destination. In other cases, careless
usage of fax machines causes sending of confidential information in a
manner that does not comply with the organizational policy, and the
confidential or otherwise sensitive information can thereafter be exposed
to unauthorized recipients or to eavesdroppers, thereby breaching the
confidentiality of the organizational information and possibly also
exposing it to legal liabilities.

The problem is further complicated by the fact that some
organizations use fax servers, while others use modem-based
(legacy) fax machines, or both.

Prior art solutions focus on fax encryption. However, such
solutions usually require special hardware at both the sender and the
recipient sites, and do not integrate seamlessly with the normal
organizational workflow.

There is thus a recognized need for, and it would be highly
advantageous to have, a method and system that allow monitoring and
controlling of unauthorized dissemination of information via faxes,
which will overcome the drawbacks of current methods as described
above.



SUMMARY OF THE INVENTION 



According to a first aspect of the present invention, a method
for enforcing a distribution policy with respect to information
transmitted from a sending fax machine to a recipient fax machine as fax
traffic is presented, the method comprising defining an information
distribution policy with respect to the fax traffic, then monitoring the fax
traffic in accordance with the distribution policy, where the monitoring
comprises:

(i) de-modulating the fax traffic being monitored into a digital
stream;

(ii) reconstructing from the digital stream a graphic image
representing at least part of the information within the fax traffic; and

(iii) analyzing information within the reconstructed image,

and then applying the distribution policy with respect to the
analyzed fax traffic.

In a preferred embodiment of the present invention, the method
further comprises initially forwarding the fax traffic from a sending fax
device to an intermediate fax modem attached to a digital storage
device; applying the monitoring to the fax traffic at the digital storage
device; and sending the information as fax in accordance with the
distribution policy from the digital storage device to a recipient fax
device.

In a preferred embodiment of the present invention, applying
the distribution policy comprises applying the distribution policy
according to the results of the analyzing information within the
reconstructed image.

In a preferred embodiment of the present invention, analyzing
information within the reconstructed image comprises performing
optical character recognition over the fax data.

In a preferred embodiment of the present invention, analyzing
information within the reconstructed image further comprises
identification of the source of the faxed document.

In a preferred embodiment of the present invention, analyzing
information within the reconstructed image further comprises
identification of key-words or key phrases within the fax message.

In a preferred embodiment of the present invention, applying of
the pre-defined policy comprises adding forensic information to the
document.

In a preferred embodiment of the present invention, the policy
comprises determining at least one of the following:
the set of authorized recipients, and
the required action.

In a preferred embodiment of the present invention, the policy
comprises at least one of the following:

Blocking the transmission;

Logging a record of a fax transmission event and its details, and

Reporting about the fax transmission event and its details
according to a pre-defined policy.

In a preferred embodiment of the present invention, applying the 
policy comprises blocking the transmission to unauthorized recipients. 

In a preferred embodiment of the present invention, blocking is
applied according to the recipient’s phone-numbers.

In a preferred embodiment of the present invention, identifying 
the recipient’s phone-numbers comprises transforming the recipient’s 
phone-number to a Domain-Name Server address. 

In a preferred embodiment of the present invention, the logged
record comprises the sender, the recipients and the identity of the faxed
document.

In a preferred embodiment of the present invention, monitoring
the fax traffic effected by the distribution policy comprises
eavesdropping on the fax traffic.

In a preferred embodiment of the present invention, the 
distribution policy comprises putting a marker on fax messages, the 
marker allowing automatic identification or classification of the fax and 
its content. 

In a preferred embodiment of the present invention, the
distribution policy comprises embedding details of a sender on the sent
message.

In a preferred embodiment of the present invention, embedding
of the details comprises embedding the details in a substantially
imperceptible manner.

In a preferred embodiment of the present invention, the
embedding of the details in a substantially imperceptible manner is
robust to fax encoding and to attempts to deliberately remove the
encoding.

In a preferred embodiment of the present invention, the
distribution policy comprises encrypting at least part of the faxed
message.

In a preferred embodiment of the present invention, a 
cryptographic key for decrypting the encrypted message is sent via 
another channel. 

In a preferred embodiment of the present invention, the policy
comprises sending the fax directly to a voice mailbox of a recipient.

In a preferred embodiment of the present invention, the sending 
fax comprises an analog fax machine. 

In a preferred embodiment of the present invention, forwarding
the fax traffic to the modem comprises:

Simulating a switch and a receiving fax;

Receiving the dialed digits and the sent fax;

Simulating a sending fax, and

Sending the fax to a modem attached to the digital storage device.

In a preferred embodiment of the present invention, the switch is
simulated using a central-office card.

In a preferred embodiment of the present invention, forwarding 
the fax traffic to the modem comprises forwarding using a hot-line 
mechanism. 

In a preferred embodiment of the present invention, the hot-line
is provided by a local PBX switch or a remote switch.

In a preferred embodiment of the present invention, the
forwarding occurs before dialing occurs, and the modem receives the
dialing directly after an off-hook is received.

In a preferred embodiment of the present invention, the
forwarding of the fax traffic to the intermediate fax modem comprises:
instructing the fax users to dial a specific number, the number
corresponding to the extension number of the modem;

instructing the fax users to pause after dialing the specific number
and then to dial the intended recipient fax number.

In a preferred embodiment of the present invention, the fax is
sent using the intended recipient fax number dialed by the user.

In a preferred embodiment of the present invention, the method 
is applied within the sending fax device utilizing dedicated hardware for 
the monitoring. 

In a preferred embodiment of the present invention, applying the
distribution policy is done using a central computer with respect to a
plurality of fax machines or fax servers.

In a preferred embodiment of the present invention, the method is
applied to enforce an overall organization's distribution policy in
conjunction with enforcement over other additional electronic
distribution channels. In a preferred embodiment of the present
invention, the additional electronic distribution channels comprise
e-mail.

According to another aspect of the present invention, a fax
traffic interception device for enforcing a distribution policy with
respect to information transmitted from a sending fax machine to a
recipient fax machine as fax traffic is presented. The device comprises
a policy storage device for storing a predefined information distribution
policy with respect to the fax traffic, a fax traffic monitor unit for
monitoring the fax traffic, where the monitor unit comprises:

(i) a fax traffic de-modulator for de-modulating the fax traffic
being monitored into a digital stream;

(ii) a data reconstruction unit for reconstructing from the digital
stream a graphic image representing at least part of the information
within the fax traffic; and

(iii) an image analyzer for obtaining information regarding
content of a respective fax from within the reconstructed image,

and an enforcement unit associated with the monitoring unit for
applying the distribution policy with respect to the analyzed fax traffic.

In a preferred embodiment of the present invention, the fax traffic
interception device comprises mimic circuitry for mimicking the
receiving fax machine to the sending fax machine and for mimicking the
sending fax machine to the receiving fax machine, thereby to intercept
and subsequently send on the fax traffic.

In a preferred embodiment of the present invention, the image
analyzer is configured to obtain from the reconstructed image an
identification of the source of the faxed document.

In a preferred embodiment of the present invention the 
enforcement unit is configured to apply the pre-defined policy by adding 
forensic information to the document. 

In a preferred embodiment of the present invention, applying the
policy comprises blocking the transmission to unauthorized recipients.

In a preferred embodiment of the present invention, the fax traffic
interception device further comprises a switch simulated using a
central-office card.

In a preferred embodiment of the present invention, the fax traffic
interception device is configured to forward the fax traffic to the modem
using a hot-line mechanism. In a preferred embodiment of the present
invention, this device is configured to apply the forwarding prior to
dialing, wherein the modem receives a dialing signal directly after an
off-hook signal is received.

In another aspect of the present invention, a method for enforcing
a distribution policy with respect to information transmitted via fax
server is presented. The method comprises defining an information
distribution policy with respect to the fax traffic, monitoring the fax
traffic in accordance with the distribution policy, where the monitoring
comprises reconstructing from the digital stream a graphic image
representing at least part of the information within the fax traffic and
analyzing information within the reconstructed image, and applying the
distribution policy with respect to the fax traffic.

In another aspect of the present invention, a fax traffic
interception device for enforcing a distribution policy with respect to
information transmitted via fax server is presented. The device
comprises a policy storage device for storing a predefined information
distribution policy with respect to the fax traffic, a fax traffic monitor
unit for monitoring the fax traffic, where the monitor unit comprises a
data reconstruction unit for reconstructing from the digital stream a
graphic image representing at least part of the information within the fax
traffic and an image analyzer for obtaining information regarding
content of a respective fax from within the reconstructed image, and an
enforcement unit associated with the monitoring unit for applying the
distribution policy with respect to the fax traffic.

In a preferred embodiment of the present invention, the system is
applied as a part of an information distribution policy enforcement
system that enforces the organizational distribution policy also with
respect to e-mail and/or other electronic distribution channels.

It is the object of the present invention to provide a system for
monitoring and managing the information traffic via fax, specifically but
not exclusively in order to protect from confidential information
leakage, in accordance with a pre-defined policy.

The present invention successfully addresses the shortcomings of
the presently known configurations by providing a method and system
that allow monitoring and controlling of unauthorized dissemination of
fax messages that preferably comprises identifying the information
content of the fax message or parts of it before allowing it to be sent,
which can efficiently serve digital privacy and confidentiality
enforcement.



BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more
fully from the following detailed description taken in conjunction with
the appended drawings in which:

Fig. 1 illustrates a system for monitoring information 
dissemination via fax machines, constructed and operative according to 
a preferred embodiment of the present invention; 

Fig. 2 is a flowchart that describes the various stages that
comprise a method for monitoring and controlling fax traffic, operative
according to a preferred embodiment of the present invention;

Fig. 3 illustrates a preferred embodiment of a fax traffic monitor
for a modem-based (legacy) fax machine, utilizing central-office (CO)
card and a modem;

Fig. 4 illustrates a preferred embodiment for connecting the fax
traffic monitor via a “hot line”, utilizing PBX switches and modems;

Fig. 5 is a flowchart that describes the various stages that
comprise the above method for monitoring and controlling fax traffic,
operative according to a preferred embodiment of the present invention;

Fig. 6 illustrates a method for analyzing fax messages by
eavesdropping and enforcing a policy, constructed and operative
according to a preferred embodiment of the present invention;

Fig. 7 describes a system for automatic embedding of
identification and/or forensic information in fax messages, constructed
and operative according to a preferred embodiment of the present
invention, and

Fig. 8 describes a system with a centralized server that allows 
enforcement in de-centralized organizations, constructed and operative 
according to a preferred embodiment of the present invention. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The present invention describes a method and system for
protecting confidential information. In particular, the present invention
describes a system for monitoring and controlling information dissemination
via fax machines. The system is operable to enforce a pre-defined policy
with respect to fax messages or parts thereof.

Before explaining at least one embodiment of the invention in
detail, it is to be understood that the invention is not limited in its
application to the details of construction and the arrangement of the
components set forth in the following description or illustrated in the
drawings. The invention is capable of other embodiments or of being
practiced or carried out in various ways. In addition, it is to be
understood that the phraseology and terminology employed herein is for
the purpose of description and should not be regarded as limiting.

According to a first aspect of the present invention, a method and
a system for protection against information leakage via fax machines
and fax servers is presented, based on contextual analysis and screening
of the fax traffic. In a preferred embodiment of the present invention, the
system contains a computerized component that acts as a proxy server: it
stores the digital content of the fax message, analyzes it and, according
to a pre-defined policy, decides whether to forward the message to the
intended recipients.

In a preferred embodiment of the present invention, the system
performs optical character recognition (OCR) over the fax data, thereby
allowing for analysis of the textual content. Software packages operable
to perform optical character recognition are prevalent, and can be used
in order to perform the OCR operation.

In a preferred embodiment of the present invention, the system
allows for identification of the source document of the faxed document
based on its textual content, provided that the source document was
classified and was introduced as such to the system. In this case, a
method similar to the one described in PCT patent application number
IL02/00037 can be applied in order to identify the content of the
document. In a preferred embodiment of the present invention, the
system analyzes key-words and key-phrases, and decides whether to
allow transmitting of the fax based on the key-word content.

Reference is first made to fig. 1, which illustrates a system for
monitoring information dissemination via fax machines, constructed and
operative according to a preferred embodiment of the present invention.
The fax sender 100 uses the fax machine 102 in order to send a fax. The
fax is then sent to the fax traffic monitor 112, together with the relevant
details of the recipient. The fax traffic monitor 112, which preferably
comprises a data reconstruction unit & image analyzer component 114,
extracts the digital content of the fax and the image, transforms it to a
graphic image representing at least part of the information within the fax
and preferably transforms the graphical information into a set of
characters using Optical Character Recognition (OCR) software. The
set of recognized characters is transferred, preferably as a text file, to the
analyzer 116, which analyzes the content of the document in order to
detect whether the content of the fax message corresponds to the
contents of a confidential document, or whether the fax message
contains certain key-words or key-phrases, preferably utilizing the
database 118. The results of the analysis are then transferred to the
policy reference component 120, which determines the required policy,
preferably using the information stored in the database 122. Descriptions
of the required action are then sent to the policy enforcement component
124, which performs the required actions: e.g., to allow the message to be
transferred to allowed recipients (e.g., using telephone system 126, such
as plain old telephone service (POTS)), or to block the transmission.

Turning now to figure 2, there is illustrated a flowchart that
describes the various stages that comprise a method for monitoring and
controlling fax traffic, operative according to a preferred embodiment of
the present invention. As illustrated therein, the administrator and/or the
security officer of the organization and/or any other authorized person
within the organization first define a set of data items to be protected,
such as documents, credit-card numbers, social-security numbers,
certain key-words and key-phrases etc. (stage A, indicated by 210).
These data items or their characteristics are then extracted and stored,
e.g., in the identifier database 118 described in fig. 1 (stage B, indicated
by 220). When a user attempts to send a fax message outside the
organization (stage C, indicated by 230), the fax message is first
transferred to the fax traffic monitor indicated as item 112 in fig. 1
(stage D, indicated by 240). The textual content of the message is then
analyzed by the analyzer indicated as item 116 in fig. 1, which may
utilize the database indicated as item 118 in fig. 1 (stage E, indicated by
250), to thereby identify the source of the data and/or to detect other
restricted information items, such as keywords, key-phrases, credit-card
numbers etc. (stage F, as indicated by 260). The policy reference
monitor, indicated as item 120 in fig. 1, then determines the required
policy according to the results of the identification & detection process,
and applies it using the policy enforcement component indicated as item
124 in fig. 1 (stage G, as indicated by 270).

In a preferred embodiment of the present invention, the policy
reference determines the required actions to be managed in accordance
with:

• The pre-determined policy.

• The classification of the document.

• The classification of the user.

• The authentication level of the user.

In a preferred embodiment of the present invention, for each
usage the policy comprises one or more of the following:

• Enable/disable transmission.

• Restricting the transmission, according to a pre-determined
set of restrictions (e.g., allow the fax to be
transferred only to some of the intended recipients)

• Reporting about the transmission

• Monitoring the transmission
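The following sketch, added here as an illustration and not part of the patent text, carries stages E to G of fig. 2 through in Python: OCR output is searched for protected phrases and Luhn-valid card numbers, the highest classification found selects the set of authorized recipients, and the result is an allow, restrict or block decision with a log record. The phrase list, phone numbers, classification names and the use of a text hash as the document identity are all assumptions made for the example.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed stand-ins for the identifier database (118) and the policy
# database (122); every phrase and phone number below is made up.
PROTECTED_PHRASES = {"project falcon": "confidential", "draft merger": "restricted"}
RANK = {"restricted": 1, "confidential": 2}
AUTHORIZED = {                       # classification -> allowed recipient numbers
    "restricted": {"15550100", "15550101"},
    "confidential": {"15550100"},
}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13 to 19 digits, optional separators


@dataclass
class Decision:
    action: str        # "allow", "restrict" (some recipients dropped) or "block"
    deliver_to: list   # recipient numbers the fax may be re-sent to
    findings: list     # (classification, what matched)
    record: dict       # log entry: sender, recipients, document identity


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalize(text):
    """Lower-case and collapse whitespace so OCR line breaks do not hide phrases."""
    return " ".join(text.lower().split())


def analyze(ocr_text):
    """Stages E and F: detect protected items in the recognized text."""
    norm = normalize(ocr_text)
    findings = [(cls, phrase) for phrase, cls in PROTECTED_PHRASES.items()
                if phrase in norm]
    for match in CARD_RE.finditer(ocr_text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append(("restricted", "card ending " + digits[-4:]))
    return findings


def decide(sender, recipients, ocr_text):
    """Stage G: map the findings to enable, restrict or block, and log the event."""
    findings = analyze(ocr_text)
    numbers = [re.sub(r"\D", "", r) for r in recipients]
    if findings:
        level = max((cls for cls, _ in findings), key=RANK.get)
        deliver = [n for n in numbers if n in AUTHORIZED[level]]
    else:
        deliver = list(numbers)
    if len(deliver) == len(numbers):
        action = "allow"
    elif deliver:
        action = "restrict"
    else:
        action = "block"
    record = {
        "sender": sender,
        "recipients": numbers,
        # Assumption: a hash of the normalized text stands in for document identity.
        "document": hashlib.sha256(normalize(ocr_text).encode()).hexdigest()[:16],
        "action": action,
    }
    return Decision(action, deliver, findings, record)


if __name__ == "__main__":
    fax = "RE: Project   Falcon\nQ3 budget attached"     # constructed OCR output
    print(decide("ext-204", ["+1 555 0100", "+1 555 0199"], fax))
```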

In a preferred embodiment of the present invention, the system is
applied as a part of an information distribution policy enforcement
system that enforces the organizational distribution policy also with
respect to e-mail and/or other electronic distribution channels, as
described, e.g., in US patent application number US2002129140,
“System and method for monitoring unauthorized transport of digital
content”, the content of which is hereby incorporated herein by
reference in its entirety.

In a preferred embodiment of the present invention, the system
includes components operable to connect to modem-based (legacy) fax
machines and to forward the fax messages to a central computer, where
these messages are preferably analyzed. Legacy fax communication
is basically analog, and based on telephone infrastructure. When a fax is
sent, a telephone call is established between the two modems, then
modem communication is established, and only then is the fax data
transferred, usually using RLE (run length encoding). An idle phone line
is a high resistance (‘open’) loop on which the switch supplies 48 Volt
DC voltage. When the line is ringing, the switch supplies 88 Volt 20
Hertz AC for short periods (in old phones, this voltage was directly used
for ringing). When a call is established from the phone, the loop closes
(the resistance drops) and the voltage drops to 3-9 Volts DC; this is
perceived as an off-hook signal by the switch. The switch sends a dial
tone (a continuous tone), and then dialing occurs. Dialing is done in one
of two ways: pulse dialing, made up of a series of very short openings
of the loop (on-hooks), and DTMF (dual tone multi frequency) dialing,
which is made up of a series of composite tones. After the switch
receives the number, it establishes a call to the receiving fax, and waits
for it to go off-hook. During the waiting time, it sends a ringing tone (a
slow periodic tone). If the other side is busy, the sender (commonly
known as the originating) fax will receive a busy tone (a faster periodic
tone). After the receiving (commonly known as terminating) fax
answers, a modem handshake occurs, and the data is sent.

Considering the legacy hardware implementation described 
above, in a preferred embodiment of the present invention the modem 
traffic is intercepted using at least one of the following methods and 
techniques: 

• Simulating a switch and a receiving fax, receiving the dialed
digits and the sent fax, and then simulating a sending fax and
sending the fax after it has been duly scanned. The switch can be
simulated using a standard central-office (CO) card. This scheme is
illustrated in fig. 3: the fax machine 102 is connected to the fax
traffic monitor 112 via the CO card 111. The fax traffic monitor
112 obtains the faxed data and sends it for analysis at the analysis
& policy determination components 115, which preferably
comprise a data reconstruction unit & image analyzer component
114, the analyzer 116, and the policy reference component 120
described above. According to the results of the analysis and the
pre-defined policy, the policy enforcement component instructs the
modem 113 whether to block the transmission or to re-send the
data via the telephone system 126.

• Using a forwarding mechanism, commonly known as “hot
line”, preferably provided by a local PBX (Private Branch
Exchange) switch or a remote switch, and automatically
forwarding all fax calls to be received by a modem mechanism.
The forwarding occurs before dialing occurs, and directly after an
off-hook is received the modem receives the dialing, and then the
fax. The fax is stored, duly scanned and then, simulating a
“sending fax”, is sent to the authorized recipients, according to
the pre-defined policy. The sending is preferably performed using
the received dialing, and e.g., using DTMF (Dual Tone Multi
Frequency) emulation. Fig. 4 illustrates this method: a “hot line”
for the fax machine 102 is provided by a local PBX switch 104
and all fax calls are automatically forwarded to be received by a
modem 111 and stored in the fax traffic monitor 112 for analysis
and policy determination by the analysis and policy
determination component 115. According to the results of the
analysis, the policy enforcement component 124 instructs the
modem 113 whether to forward the fax call to its intended
recipients via the telephone system 126.

• Instructing the fax users to dial a specific (internal) number,
then “pause” (i.e., giving it a delay indication, causing it to pause
for the specified duration between dialing the two numbers. Note
that most modem faxes can receive a pause as part of the dialing
when the fax accumulates the manually (or otherwise) dialed
digits before it actually dials to send the fax). Then, after the
pause, it dials the intended number, the specific number being the
number of the intercepting modem. The intercepting modem
receives the call, the dialing, and then the fax. The fax is then
stored, duly scanned & analyzed. If it is allowed to be sent, the
system simulates a sending fax and sends the fax using the
received dialed number. Turning now to figure 5, there is
illustrated a flowchart that describes the various stages that
comprise the above method for monitoring and controlling fax
traffic, operative according to a preferred embodiment of the
present invention. As illustrated therein, the user first dials the
internal number of the intercepting modem (stage A, indicated
by 510). The user then inserts a pause indication and then dials
the intended recipient fax number (stage B, indicated by 520).
The intercepting modem receives the call, the dialed number,
and then the fax message (stage C, indicated by 530). The fax proxy
sends the fax for analysis and policy assessment (stage D, indicated
by 540). For authorized messages, the system simulates a sending
fax and sends the fax using the received dialed number (stage E,
indicated by 550).
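All three interception methods depend on the intercepting modem recovering the dialed digits and later re-dialing them by DTMF emulation. The sketch below is an added illustration, not part of the patent text: it generates the two-tone signal for each key and decodes a digit sequence from line samples with the Goertzel algorithm. The tone frequencies are the standard DTMF pairs; the 8 kHz sample rate, block size, thresholds, function names and the dialed number are assumptions chosen for the example.

```python
import math
import random

LOW = (697, 770, 852, 941)         # standard DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)    # standard DTMF column frequencies, Hz
KEYS = ("123A", "456B", "789C", "*0#D")
RATE = 8000                        # assumed sample rate, samples per second
BLOCK = 205                        # samples per analysis block (about 25 ms)


def dtmf_tone(key, ms=80):
    """DTMF emulation: samples of the composite tone a dialer emits for one key."""
    for r, row in enumerate(KEYS):
        c = row.find(key) if len(key) == 1 else -1
        if c >= 0:
            break
    else:
        raise ValueError(f"not a DTMF key: {key!r}")
    lo, hi = LOW[r], HIGH[c]
    return [0.5 * math.sin(2 * math.pi * lo * n / RATE)
            + 0.5 * math.sin(2 * math.pi * hi * n / RATE)
            for n in range(RATE * ms // 1000)]


def dial(number, tone_ms=80, gap_ms=80, noise=0.02, seed=1):
    """Constructed line audio: one tone per key, silence between keys, light noise."""
    rng = random.Random(seed)
    gap = [0.0] * (RATE * gap_ms // 1000)
    samples = list(gap)
    for key in number:
        samples += dtmf_tone(key, tone_ms) + gap
    return [s + rng.uniform(-noise, noise) for s in samples]


def goertzel_power(block, freq):
    """Squared magnitude of the block's spectrum at one frequency."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def detect_key(block, min_share=0.1):
    """Return the key whose row and column tones dominate the block, else None."""
    energy = sum(x * x for x in block)
    if energy == 0.0:
        return None
    lo = [goertzel_power(block, f) for f in LOW]
    hi = [goertzel_power(block, f) for f in HIGH]
    r, c = lo.index(max(lo)), hi.index(max(hi))
    floor = min_share * energy * len(block)   # tone power relative to block energy
    if lo[r] < floor or hi[c] < floor:
        return None
    return KEYS[r][c]


def decode(samples):
    """Recover the dialed digits; a key counts once it fills two blocks in a row."""
    digits, prev, run = [], None, 0
    for i in range(0, len(samples) - BLOCK + 1, BLOCK):
        key = detect_key(samples[i:i + BLOCK])
        run = run + 1 if key == prev else 1
        prev = key
        if key is not None and run == 2:
            digits.append(key)
    return "".join(digits)


if __name__ == "__main__":
    heard = dial("0015550142")     # constructed recipient number
    print(decode(heard))
```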

In a preferred embodiment of the present invention, the
method utilizes eavesdropping capabilities (as opposed to proxying) to
intercept fax traffic. In this case, the system attempts to determine
whether the transport is allowed. The system logs the details of the
transport and, in cases in which unauthorized transport is detected, the
system preferably attempts to block the rest of the transport.

Reference is now made to figure 6, which is a simplified
illustration showing a conceptual illustration of a system, substantially
similar to the system described in figure 1, constructed and operative in
accordance with a further preferred embodiment of the present
invention. Parts that are the same or substantially similar as in previous
figures are given the same reference numerals and are not described
again except to the extent necessary for an understanding of the present
figure. In the embodiment of Fig. 6, the system does not utilize
proxying. Instead, a fax eavesdropper 109 obtains the faxed message
using a standard phone eavesdropping technique, and sends the data for
further analysis. In this case, if an unauthorized transport is detected, the
system is operable to block or interfere with the rest of the transmission
utilizing the policy enforcement component 124, e.g., by disconnecting
the line or adding to the line a disruptive noise.

In a preferred embodiment of the present invention, the system is
operable to automatically put the details of the sender on the fax, either
in clear text or by using a special watermark. In a preferred embodiment
of the present invention, the watermark is substantially imperceptible,
yet robust to fax encoding and to attempts to deliberately remove it, so
that it can serve as forensic information for faxed messages and
documents, in a manner that allows identifying the source of the
breached documents, thereby providing an effective deterrence. This is
especially important in cases where the faxed message is sent to more
than one recipient. Embedding of forensic information is preferably
performed by altering parts of the information object in the fax message
in a manner that is preferably substantially imperceptible, as described
in PCT application number IL02/00464, filed June 16th, 2002. The
forensic information can be inserted in two manners: textual, which
requires transforming the fax message into text (e.g., using OCR) and
then embedding forensic information within the text, and pictorial, where
the data is embedded in the graphical representation of the fax message.
In a preferred embodiment of the present invention, the system is
operable to put a marker that allows fast and effective identification
and/or classification of the fax and its content (e.g. by attaching a header
and/or footer, which includes the required descriptors, or by using a
barcode).

Fig. 7 describes a system for automatic embedding of
identification and/or forensic information in fax messages, constructed
and operative according to a preferred embodiment of the present
invention: a fax message is sent from the fax machine 102 to the fax
traffic monitor 112, the message is preferably subjected to analysis and
the corresponding policy is preferably determined by the analysis and
policy determination module 115. According to the determined policy,
the policy enforcement component 124 instructs the embedder 125 to
embed the relevant details and/or substantially imperceptible forensic
data. The embedded data is registered in the embedded data database.

In a preferred embodiment of the present invention, the system
utilizes methods for transforming phone numbers to Domain-Name
Server (DNS) addresses, in order to identify recipients and/or senders.

In a preferred embodiment of the present invention, the system is
operable to block fax transmission to certain recipients, identified by
their phone-number.

In a preferred embodiment of the present invention, the system
utilizes a centralized server that allows enforcement in de-centralized
organizations. In this case, the policy and preferably the identifiers of
confidential documents, protected keywords etc. are stored at the central
server. A local server performs the analysis and sends the descriptors to
the central server. The central server attempts to identify the content
and/or to identify key-words and key-phrases, in order to determine the
required actions, and sends instructions to the local servers, which
thereafter apply the required policy. Fig. 8 describes a system with a
centralized server that allows enforcement in de-centralized
organizations, constructed and operative according to a preferred
embodiment of the present invention. The fax machines within the
organization 102 are connected to the local fax traffic monitor 112,
which is connected to the local analyzer & enforcer 117, which analyzes
the fax message. The results of the analysis are sent to the central policy
reference component 119, which determines the required policy,
preferably using the information stored in database 122. In a preferred
embodiment of the present invention, the database 122 also contains
identifiers of the documents, and the central policy reference component
119 is also operable to identify the faxed documents. Descriptions of the
required action are then sent to the local analyzer & enforcer 117, which
performs the required actions: e.g., to allow the message to be
transferred to allowed recipients (e.g., using telephone system 126, such
as plain old telephone service (POTS)), or to block the transmission.
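The local/central exchange described above can be sketched as follows. This is an added example, not code from the patent: the descriptor format (keyed hashes of three-word shingles), the 50% overlap threshold, the shared key and all function, class and document names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SITE_KEY = b"constructed-demo-key"  # assumption: key shared by local and central servers

def descriptors(text, n=3):
    """Local analysis: keyed hashes of every n-word shingle of the OCR'd fax text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    grams = (" ".join(words[i:i + n]) for i in range(len(words) - n + 1))
    return {hmac.new(SITE_KEY, g.encode(), hashlib.sha256).hexdigest() for g in grams}

class CentralPolicyReference:
    """Central server: stores document identifiers and the policy attached to each."""

    def __init__(self):
        self.database = {}  # doc_id -> (descriptor set, allowed recipient numbers)

    def register(self, doc_id, text, allowed_recipients):
        self.database[doc_id] = (descriptors(text), set(allowed_recipients))

    def decide(self, fax_descriptors, recipient, threshold=0.5):
        """Identify faxed documents by descriptor overlap and return an instruction."""
        matched = [doc_id for doc_id, (known, _) in self.database.items()
                   if known and len(known & fax_descriptors) / len(known) >= threshold]
        denied = [d for d in matched if recipient not in self.database[d][1]]
        return {"action": "block" if denied else "allow", "matched": matched}

def local_analyze_and_enforce(central, ocr_text, recipient):
    """Local server: sends descriptors only (never the fax text), then enforces."""
    instruction = central.decide(descriptors(ocr_text), recipient)
    return instruction["action"] == "allow", instruction

# Constructed sample document and phone numbers.
CONFIDENTIAL = ("Project Falcon quarterly revenue forecast: the merger closes in "
                "March and headcount is reduced by ten percent")
central = CentralPolicyReference()
central.register("doc-001", CONFIDENTIAL, allowed_recipients={"+15550100"})

if __name__ == "__main__":
    for text, number in [("Cover page. " + CONFIDENTIAL, "+15550199"),
                         ("Cover page. " + CONFIDENTIAL, "+15550100"),
                         ("Lunch menu for Friday: soup, salad and pasta", "+15550199")]:
        print(number, local_analyze_and_enforce(central, text, number))
```

An excerpt that covers less than the threshold share of a registered document is not identified, so the threshold trades missed partial leaks against false blocks.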

In a preferred embodiment of the present invention, the analysis
of the content is performed on the fax-machine itself, using specialized
hardware that allows the analysis of the image scanned by the fax
machine and preferably also identification of the key-words and/or
key-phrases and/or the source of the document, in order to apply the
information distribution policy accordingly.

In a preferred embodiment of the present invention, some of the
fax messages that are sent are preferably encrypted, according to a
pre-determined policy, and the key is sent to the recipients in another
channel.

In a preferred embodiment of the present invention, the fax is
sent directly to the user voice mailbox (provided that the user voice
mailbox supports fax receiving) or to the user's unified messaging
service, which is provided by many communication companies, thereby
limiting the possibility of unauthorized attempts to access the content of
the fax.

In a preferred embodiment of the present invention, the fax traffic 
monitor and the analyzer are based on a tamper resistant software 
component. 

The present invention successfully addresses the shortcomings of
the presently known configurations by providing a method and system
that allow monitoring and controlling of unauthorized dissemination of
fax messages, which can efficiently serve digital privacy and
confidentiality enforcement.

It is appreciated that one or more steps of any of the methods
described herein may be implemented in a different order than that
shown, while not departing from the spirit and scope of the invention.

While the present invention may or may not have been described
with reference to specific hardware or software, the present invention
has been described in a manner sufficient to enable persons having
ordinary skill in the art to readily adapt commercially available
hardware and software as may be needed to reduce any of the
embodiments of the present invention to practice without undue
experimentation and using conventional techniques. Although the
invention has been described in conjunction with specific embodiments
thereof, it is evident that many alternatives, modifications and variations
will be apparent to those skilled in the art. Accordingly, it is intended to
embrace all such alternatives, modifications and variations that fall
within the spirit and broad scope of the appended claims. All
publications, patents and patent applications mentioned in this
specification are herein incorporated in their entirety by reference into
the specification, to the same extent as if each individual publication,
patent, or patent application was specifically and individually indicated
to be incorporated herein by reference. In addition, citation or
identification of any reference in this application shall not be construed
as an admission that such reference is available as prior art to the present
invention.